手机/手机上的OpenID [英] OpenID on a mobile/cell phone

问题描述

我正在尝试在我的网站的移动版本(ASP.net MVC，dotnetopenid)上设置OpenID身份验证.当我较早(使用WAP互联网，索尼爱立信w200i)对其进行测试时，它重定向到了提供程序OK，但是开始时很慢，然后由于我怀疑页面太大而完全失败了.

I am trying to set up OpenID authentication on a mobile version of a site of mine (ASP.net MVC, dotnetopenid). When i tested it out earlier (Using WAP internet, Sony Ericsson w200i) it redirected to the provider OK but was very slow to start with, then failed completely due to what i suspect was a too large page.

有人知道一种为连接缓慢的WAP用户实现OpenID的好方法吗?有提供者提供专门的移动页面吗?

Does anyone know a good way to implement OpenID for WAP users with a slow connection? Do any providers provide a specialised mobile page?

如果很难在电话上实现OpenID，除了用户名和密码外，还有其他选择吗?

If OpenID is difficult to implement on a phone, are there any alternatives apart from username and password?

推荐答案

在手机上可能会发生几个问题:

There are a couple problems that could happen on a mobile phone:

1. 请求大小:OpenID有时可能会携带较大的有效负载.这可能意味着较大的HTTP GET URL或POST.如果RP或OP实施OpenID的能力较差，则除了可能导致缓慢的重定向外，它还可能导致浏览器实际中止请求，从而导致用户体验中断. (DotNetOpenId/DotNetOpenAuth对请求的大小非常谨慎，并根据需要在GET和POST之间跳转).为了减轻这种风险并加快处理速度，请仅使用所需的OpenID扩展，并仅请求绝对需要的属性.

1. Request size: OpenID can at times carry a large payload. This might mean a large HTTP GET URL or a POST. Besides making it potentially a slow redirect, if either RP or OP implement OpenID poorly, it can cause the browser to actually abort the request, causing the user experience to break. (DotNetOpenId/DotNetOpenAuth is careful with the sizes of requests and jumping between GET and POST as needed). To mitigate this risk and speed things up, only use OpenID extensions you need and only request attributes you absolutely require.

不完全的Javascript支持:某些RP和OP依靠浏览器中的Javascript支持来协助重定向(尤其是使用POST时).有些手机不支持(足够)Javascript，这又会破坏用户体验.大多数站点和库(包括DotNetOpenAuth)通过显示继续"按钮来减轻这种风险，如果Javascript不起作用，用户可以单击该按钮.

Incomplete Javascript support: some RPs and OPs rely on Javascript support in the browser to assist in the redirect (particularly when POST is used). Some phones don't support (enough) Javascript and this again will break the user experience. Most sites and libraries (including DotNetOpenAuth) mitigate this risk by displaying a "Continue" button the user can click if Javascript doesn't work.

除此之外，OpenID没什么特别的，可以使电话上的OpenID无法正常工作.但要记住的一件事是由于电话的体积小，密钥输入很困难，因此身份验证cookie可能应该持续更长的时间，因此用户不必频繁登录(无论是使用用户名+密码还是OpenID).而且，这是他们的个人电话，因此保持他们作为共享计算机登录的安全性并不是很大.

Other than that, there's nothing really special about OpenID that should make OpenID on the phone not work. One thing to keep in mind though is due to the small form factor of phones, key entry is difficult, and so authentication cookies should probably last longer so users don't have to login (whether with username+password or OpenID) as frequently. Also, it's their personal phone, so it's not as much of a security risk to keep them logged in as a shared computer.

这篇关于手机/手机上的OpenID的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！